/**
 * Builds a principal object for the given name.
 *
 * <p>The name is wrapped in a {@code SimplePrincipal} exactly as given. Nothing in this
 * method consults a security context or checks that the name belongs to a known principal,
 * so a caller that needs that guarantee has to validate the name itself.
 *
 * @param name the name of the principal.
 * @return a principal carrying {@code name}.
 */
private Principal principal( String name ) {
    final Principal wrapped = SimplePrincipal.newInstance(name);
    return wrapped;
}
}
/**
 * Maps a CMIS principal name to the name used on the JCR side.
 *
 * <p>The comparison with {@code CMIS_ANYONE} ignores case, so every casing of that value is
 * mapped to the name of {@code SimplePrincipal.EVERYONE}; any other name is returned unchanged.
 *
 * <p>NOTE(review): a match replaces the caller's name with the "everyone" principal, so an
 * access-control entry built from the result presumably applies to all users. Confirm that
 * no ordinary account name can collide with {@code CMIS_ANYONE} under case folding.
 *
 * @param cmisPrincipal principal name received from CMIS; a null value raises
 *        {@link NullPointerException} at the comparison
 * @return the JCR principal name
 */
public static String jcrPrincipal(String cmisPrincipal) {
    if (cmisPrincipal.equalsIgnoreCase(CMIS_ANYONE)) {
        return SimplePrincipal.EVERYONE.getName();
    }
    return cmisPrincipal;
}
/**
 * Static factory for {@code SimplePrincipal}.
 *
 * <p>The name is passed straight to the constructor; this factory performs no validation
 * or normalisation of its own.
 *
 * @param name the name of the user.
 * @return a new principal carrying {@code name}.
 */
public static SimplePrincipal newInstance(String name) {
    final SimplePrincipal created = new SimplePrincipal(name);
    return created;
}
/**
 * Builds a principal object for the given name.
 *
 * <p>The name is wrapped in a {@code SimplePrincipal} exactly as given. Nothing in this
 * method consults a security context or checks that the name belongs to a known principal,
 * so a caller that needs that guarantee has to validate the name itself.
 *
 * @param name the name of the principal.
 * @return a principal carrying {@code name}.
 */
private Principal principal( String name ) {
    final Principal wrapped = SimplePrincipal.newInstance(name);
    return wrapped;
}
}
/**
 * Static factory for {@code SimplePrincipal}.
 *
 * <p>The name is passed straight to the constructor; this factory performs no validation
 * or normalisation of its own.
 *
 * @param name the name of the user.
 * @return a new principal carrying {@code name}.
 */
public static SimplePrincipal newInstance(String name) {
    final SimplePrincipal created = new SimplePrincipal(name);
    return created;
}
/**
 * Produces a SimplePrincipal whose name carries the source principal's type as a prefix.
 *
 * <p>A {@code UsernamePrincipal} name is prefixed with {@code USER_PREFIX}, a {@code Group}
 * name with {@code GROUP_PREFIX}; any other principal keeps its name unchanged.
 *
 * @param principal the source principal
 * @return a SimplePrincipal derived from the source
 */
private static SimplePrincipal encodePrincipal(Principal principal) {
    // NOTE(review): the fall-through branch stores the name without escaping, while
    // derivePrincipal decides the type from the prefix alone. A principal of some other type
    // whose name already starts with USER_PREFIX or GROUP_PREFIX would therefore be read back
    // as a user or a group. Confirm such names cannot reach this method.
    final String encodedName;
    if (principal instanceof UsernamePrincipal) {
        encodedName = USER_PREFIX + principal.getName();
    } else if (principal instanceof Group) {
        encodedName = GROUP_PREFIX + principal.getName();
    } else {
        encodedName = principal.getName();
    }
    return SimplePrincipal.newInstance(encodedName);
}
/**
 * Returns a principal with the fixed name {@code "unknown"}.
 *
 * <p>The session argument is not used. NOTE(review): "unknown" is an ordinary principal
 * name, so this presumably relies on no real account carrying that name; confirm.
 *
 * @param session ignored
 * @return a SimplePrincipal named "unknown"
 */
@Override
public Principal getUnknownPrincipal( Session session ) {
    final Principal placeholder = SimplePrincipal.newInstance("unknown");
    return placeholder;
}
/**
 * Rebuilds a typed principal from the type prefix encoded in a SimplePrincipal's name.
 *
 * <p>A name starting with {@code USER_PREFIX} yields a {@code UsernamePrincipal}, one starting
 * with {@code GROUP_PREFIX} yields a {@code GroupPrincipal}, in both cases with the prefix
 * stripped. A name with neither prefix is returned as the SimplePrincipal that was passed in.
 *
 * @param principal a SimplePrincipal that may have encoded type information.
 * @return the derived Principal
 */
private static Principal derivePrincipal(SimplePrincipal principal) {
    // The stored name is the only input to the type decision, so whoever controls the stored
    // name also controls whether the entry is treated as a user, a group or neither.
    final String storedName = principal.getName();
    if (storedName.startsWith(USER_PREFIX)) {
        return new UsernamePrincipal(storedName.substring(USER_PREFIX.length()));
    }
    if (storedName.startsWith(GROUP_PREFIX)) {
        return new GroupPrincipal(storedName.substring(GROUP_PREFIX.length()));
    }
    return principal;
}
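/**
 * Logs the current user out of the authentication manager and of the wrapped JAAS context.
 *
 * <p>The authentication manager is asked to log out the principal named by
 * {@code jaasSecurityContext.getUserName()}, with a null subject. The JAAS context is then
 * logged out in a {@code finally} block, so the local context is torn down even when the
 * manager-side logout (or the user-name lookup) throws; the exception still propagates.
 */
@Override
public void logout() {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Logging out security context....");
    }
    try {
        authenticationManager.logout(SimplePrincipal.newInstance(jaasSecurityContext.getUserName()), null);
    } finally {
        // A failed manager logout must not leave the local security context logged in.
        jaasSecurityContext.logout();
    }
}
}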
for (AccessControlEntryImpl ace : principals.values()) { if (ace.getPrincipal().getName().equals(SimplePrincipal.EVERYONE.getName())) { if (ace.hasPrivileges(privileges)) { return true;
/**
 * Returns a principal named after the user ID of the given session.
 *
 * @param session the session whose user ID becomes the principal name
 * @return a SimplePrincipal carrying {@code session.getUserID()}
 */
@Override
public Principal getKnownPrincipal( Session session ) {
    final String userId = session.getUserID();
    return SimplePrincipal.newInstance(userId);
}
for (AccessControlEntryImpl ace : principals.values()) { if (ace.getPrincipal().getName().equals(SimplePrincipal.EVERYONE.getName())) { if (ace.hasPrivileges(privileges)) { return true;
/**
 * Adds privileges for a principal to an ACL, seeding an empty ACL with an admin entry first.
 *
 * @param session session handed to {@code asPrivileges} to build the admin privilege set
 * @param acl the access control list to modify
 * @param principal the principal to grant privileges to; its type is encoded into the name
 *        before it is stored
 * @param privileges the privileges to grant
 * @return the value returned by {@code acl.addAccessControlEntry} for the principal's entry
 * @throws RepositoryException declared by the signature; raised by the calls made here
 */
private static boolean addEntry(Session session, AccessControlList acl, Principal principal, Privilege... privileges)
        throws RepositoryException, AccessControlException, UnsupportedRepositoryOperationException {
    // Seed the admin role with JCR_ALL, but only when the ACL has no entries at all. An ACL
    // that already has entries is not checked for an admin entry.
    final boolean aclIsEmpty = acl.getAccessControlEntries().length == 0;
    if (aclIsEmpty) {
        final SimplePrincipal admin = SimplePrincipal.newInstance(ModeShapeRoles.ADMIN);
        acl.addAccessControlEntry(admin, asPrivileges(session, Privilege.JCR_ALL));
    }

    // ModeShape reads back all principals as SimplePrincipals after they are stored, so the same
    // principal type has to be used here; otherwise the entry would be treated as a new one
    // instead of adding privileges to an existing principal. This can be considered a bug in
    // ModeShape.
    final SimplePrincipal encoded = encodePrincipal(principal);
    return acl.addAccessControlEntry(encoded, privileges);
}
/**
 * Builds two single-entry ACLs, one for "alice" and one for "bob", and wraps them in the
 * policy iterator under test.
 */
@Before
public void setUp() throws AccessControlException, RepositoryException {
    // acl-1
    final JcrAccessControlList aliceAcl = new JcrAccessControlList("alice");
    aliceAcl.addAccessControlEntry(
        SimplePrincipal.newInstance("alice"),
        new Privilege[] {new PrivilegeImpl()});

    // acl-2
    final JcrAccessControlList bobAcl = new JcrAccessControlList("bob");
    bobAcl.addAccessControlEntry(
        SimplePrincipal.newInstance("bob"),
        new Privilege[] {new PrivilegeImpl()});

    it = new AccessControlPolicyIteratorImpl(aliceAcl, bobAcl);
}
/**
 * Grants JCR_ALL to "Admin" and JCR_READ to "anonymous" on "/aircraft" and on "/", saves,
 * then reads the node back.
 *
 * <p>No assertion follows the final read; the test passes as long as the read-back does not
 * throw.
 */
@Test
public void shouldAllowRead() throws Exception {
    Node rootNode = session.getRootNode();
    Node aircraftNode = rootNode.addNode("aircraft");
    assertThat(aircraftNode, is(notNullValue()));

    // Policy for the new node.
    final AccessControlList aircraftAcl = acl("/aircraft");
    aircraftAcl.addAccessControlEntry(
        SimplePrincipal.newInstance("Admin"),
        new Privilege[] {acm.privilegeFromName(Privilege.JCR_ALL)});
    aircraftAcl.addAccessControlEntry(
        SimplePrincipal.newInstance("anonymous"),
        new Privilege[] {acm.privilegeFromName(Privilege.JCR_READ)});
    acm.setPolicy("/aircraft", aircraftAcl);

    // Same two entries on the root.
    final AccessControlList rootAcl = acl("/");
    rootAcl.addAccessControlEntry(
        SimplePrincipal.newInstance("Admin"),
        new Privilege[] {acm.privilegeFromName(Privilege.JCR_ALL)});
    rootAcl.addAccessControlEntry(
        SimplePrincipal.newInstance("anonymous"),
        new Privilege[] {acm.privilegeFromName(Privilege.JCR_READ)});
    acm.setPolicy("/", rootAcl);

    session.save();

    // Read back under the policies that were just saved.
    rootNode = session.getRootNode();
    aircraftNode = rootNode.getNode("aircraft");
}
/**
 * Checks simple credentials against the JBoss authentication manager.
 *
 * @param credentials the user ID and password presented by the caller
 * @param repositoryContext the context to extend when authentication succeeds
 * @return {@code repositoryContext} extended with a {@code JBossSecurityContext} wrapping the
 *         authenticated subject, or {@code null} when the credentials are rejected
 */
private ExecutionContext validateSimpleCredentials( SimpleCredentials credentials, ExecutionContext repositoryContext) {
    // The user ID is caller-supplied and is written to the debug log as received; the
    // password is handed to the authentication manager only and is not logged here.
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debugv("Authenticating {0} in the {1} security domain using the JBoss Server security manager",
                      credentials.getUserID(),
                      securityDomain());
    }

    final Subject subject = new Subject();
    final boolean accepted = authenticationManager.isValid(SimplePrincipal.newInstance(credentials.getUserID()),
                                                           credentials.getPassword(),
                                                           subject);
    if (!accepted) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debugv("Credentials for {0} are not valid for the {1} security domain",
                          credentials.getUserID(),
                          securityDomain());
        }
        // Rejected credentials are reported as null rather than as an exception.
        return null;
    }

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Authentication successful....");
    }
    return repositoryContext.with(new JBossSecurityContext(new JaasSecurityContext(subject)));
}
/**
 * Prepares the read/write privilege pair and grants it to the principal "kulikov" on the
 * ACL under test.
 */
@Before
public void setUp() throws AccessControlException, RepositoryException {
    privileges = new Privileges(session);

    final Privilege read = privileges.forName(Privilege.JCR_READ);
    final Privilege write = privileges.forName(Privilege.JCR_WRITE);
    rw = new Privilege[] {read, write};

    acl.addAccessControlEntry(SimplePrincipal.newInstance("kulikov"), rw);
}
/**
 * Creates a node, grants JCR_ALL on it to the principal "admin", saves, and verifies that the
 * node can still be read through the session.
 */
@Test
public void shouldAllowAccessUsingRole() throws Exception {
    final Node rootNode = session.getRootNode();
    final Node tractors = rootNode.addNode("tractors");
    session.save();

    final AccessControlManager acm = session.getAccessControlManager();
    final Privilege[] allPrivileges = new Privilege[] {acm.privilegeFromName(Privilege.JCR_ALL)};

    // Use an applicable (not yet bound) policy when one is offered, otherwise the first
    // policy already set on the node.
    final AccessControlPolicyIterator applicable = acm.getApplicablePolicies(tractors.getPath());
    final AccessControlList policy = applicable.hasNext()
        ? (AccessControlList)applicable.nextAccessControlPolicy()
        : (AccessControlList)acm.getPolicies(tractors.getPath())[0];

    policy.addAccessControlEntry(SimplePrincipal.newInstance("admin"), allPrivileges);
    acm.setPolicy(tractors.getPath(), policy);
    session.save();

    final Node reread = rootNode.getNode("tractors");
    assertThat(reread, is(notNullValue()));
}